1993-11-18 - List of one-shot passwords

Header Data

From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
To: wex@media.mit.edu>
Message Hash: 28b1ca0e61afd58ba99c6a33188338be90897229b23fa9194cf49f822c38c5af
Message ID: <UguvWNa00awFM8JmNl@andrew.cmu.edu>
Reply To: <9311181717.AA22357@media.mit.edu>
UTC Datetime: 1993-11-18 18:06:32 UTC
Raw Date: Thu, 18 Nov 93 10:06:32 PST

Raw message

From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Date: Thu, 18 Nov 93 10:06:32 PST
To: wex@media.mit.edu>
Subject: List of one-shot passwords
In-Reply-To: <9311181717.AA22357@media.mit.edu>
Message-ID: <UguvWNa00awFM8JmNl@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


 "Alan (Gesture Man) Wexelblat" <wex@media.mit.edu> wrote:

> It seems to me that a simpler solution than challenge-response would
> be to emultate the tear-sheet crypto systems and just have a series of
> one-shot passwords generated.  Each time you log in, it requires the
> next password from the sheet, so capturing the old one does no good
> (just as breaking the one-time codes from tear sheets doesn't help).
>
> Now if I could just figure out a simple way to do this on UNIX...

You can use a sequential PRNG to do this, and then add a scrambling
system to the output (to confuse anyone trying to break the pattern).  I
once wrote a program to do this (just for experimentation, and not in
UNIX...).





Thread